[OWASP-ESAPI] ESAPI.NET - Allow custom actions
jim.manico at owasp.org
Tue Aug 25 17:38:19 EDT 2009
Also, I want to be able to whitelist all endpoints and request
parameter names so the moment a "tester" tries params that my app does
not use, the alarm is sounded. I also want to stop multiple params of
the same name unless that param is registered as a multi-select list.
Just food for thought (hopefully).
On Aug 25, 2009, at 5:29 PM, Paul Apostolescu <apbogdan at gmail.com> wrote:
> I think one useful extension point for ESAPI would be to change
> intrusion detection actions from being predefined string values to
> objects implementing a standard interface called IAction (for
> example). The motivation is that sometimes you need to do more than
> just a simple logout - for example you may want to trigger a more
> complex web sso logout.
> The default implementation will continue to have the already
> implemented actions but wrapped as IAction instances, and it will
> also allow consumers to add named custom actions at runtime - much
> like the validation rules and codes are working today.
> Let me know what you think.
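
Added example, not part of the original messages and not ESAPI.NET code: a C# sketch combining the two ideas in this thread, a whitelist of endpoints and parameter names that rejects repeated parameters unless registered as multi-select, and named actions behind an IAction interface that run when a check fails. Every type and member name here (IAction's signature, AlarmAction, RequestWhitelist, the event names) is hypothetical, and Check returns true only when the endpoint and every parameter name are registered.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical interface, named after the IAction proposed in the thread; not an ESAPI.NET API.
public interface IAction { void Execute(string eventName, string detail); }
public sealed class AlarmAction : IAction // a real action could start a web SSO logout
{
    public void Execute(string eventName, string detail) => Console.WriteLine("ALARM " + eventName + " " + detail);
}
public sealed class RequestWhitelist
{
    // endpoint -> (parameter name -> true when registered as multi-select)
    private readonly Dictionary<string, Dictionary<string, bool>> _allowed = new Dictionary<string, Dictionary<string, bool>>();
    private readonly Dictionary<string, IAction> _actions = new Dictionary<string, IAction>();
    public void AddAction(string name, IAction action) { _actions[name] = action; }
    public void Register(string endpoint, string name, bool multiSelect)
    {
        if (!_allowed.ContainsKey(endpoint)) _allowed[endpoint] = new Dictionary<string, bool>();
        _allowed[endpoint][name] = multiSelect;
    }
    public bool Check(string endpoint, IEnumerable<(string Name, string Value)> pairs)
    {
        if (!_allowed.TryGetValue(endpoint, out var known)) return Raise("UnknownEndpoint", endpoint);
        foreach (var g in pairs.GroupBy(p => p.Name))
        {
            if (!known.TryGetValue(g.Key, out bool multi)) return Raise("UnknownParameter", g.Key);
            if (g.Count() > 1 && !multi) return Raise("DuplicateParameter", g.Key);
        }
        return true;
    }
    private bool Raise(string eventName, string detail)
    {
        foreach (var action in _actions.Values) action.Execute(eventName, detail);
        return false;
    }
}
public static class Demo
{
    public static void Main()
    {
        var wl = new RequestWhitelist(); // all requests below are constructed samples
        wl.AddAction("alarm", new AlarmAction());
        wl.Register("/search", "q", false);
        wl.Register("/search", "tag", true); // multi-select list
        Console.WriteLine(wl.Check("/search", new[] { ("q", "esapi"), ("tag", "a"), ("tag", "b") }));
        Console.WriteLine(wl.Check("/search", new[] { ("q", "x"), ("q", "y") }));
        Console.WriteLine(wl.Check("/search", new[] { ("debug", "1") }));
        Console.WriteLine(wl.Check("/admin", new (string, string)[0]));
    }
}
```

The endpoint and parameter names handed to an action come from the request, so an action that writes them to a log should encode them first.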